Problème de Registre, Virus ?

Résolu

babette270466 Messages postés 92 Statut Membre -
Utilisateur anonyme - 8 févr. 2011 à 20:49

Bonjour,
Impossible de charger ou d'exécuter 'C:\DOCUME~1\HP_ADM~1.NOM\LOCALS~1\TEMP\crss.exe' spécifié dans le Registre. vérifiez que le fichier existe sur votre ordinateur ou supprimez la référence dans le Registre. Voilà l'avertissement que je reçois dès l'ouverture de mon ordi, je vous fais parvenir mon rapport Hijackthis, pour que vous m'aidiez à m'en débarrasser, merci d'avance de votre aide...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:37:50, on 31/01/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\HP_Administrateur.NOM-FB9B15D2723\Application Data\dwm.exe
C:\Documents and Settings\HP_Administrateur.NOM-FB9B15D2723\Application Data\Microsoft\conhost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\DOCUME~1\HP_ADM~1.NOM\LOCALS~1\Temp\csrss.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\VM_STI.EXE
C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\iGraal\iGraalHelper.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://fr.search.yahoo.com/?fr=cb-hp06
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?cc=fr&toHttps=1&redig=55729C844D6A45819CAD368B3E178C9F
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = https://fr.search.yahoo.com/?fr=cb-hp06
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.trooner.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:60364
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre2.dll
R3 - URLSearchHook: IncrediMail MediaBar 2 Toolbar - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files\IncrediMail_MediaBar_2\tbInc1.dll
F3 - REG:win.ini: load=C:\DOCUME~1\HP_ADM~1.NOM\LOCALS~1\Temp\csrss.exe
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: iGraal BHO - {240373D3-4199-4F41-BB4D-15D5B830C82D} - C:\Program Files\iGraal\iGraalBHO.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
O2 - BHO: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll
O2 - BHO: IncrediMail MediaBar 2 Toolbar - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files\IncrediMail_MediaBar_2\tbInc1.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre2.dll
O3 - Toolbar: (no name) - {94B3130F-AC1D-4208-8541-83C82A238BF3} - (no file)
O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre2.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: IncrediMail MediaBar 2 Toolbar - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files\IncrediMail_MediaBar_2\tbInc1.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: iGraal Toolbar - {A6790AA5-C6C7-4BCF-A46D-0FDAC4EA90EB} - C:\Program Files\iGraal\iGraalToolbar.dll
O3 - Toolbar: @C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE Philips SPC210NC Webcam
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Bing Bar] "C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe"
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [conhost] C:\Documents and Settings\HP_Administrateur.NOM-FB9B15D2723\Application Data\Microsoft\conhost.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O8 - Extra context menu item: &Search - ?p=ZJfox000
O8 - Extra context menu item: Add to AMV Video Converter... - C:\Program Files\MP3 Player Utilities 4.24\AMVConverter\grab.html
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
O8 - Extra context menu item: Translate this web page with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
O8 - Extra context menu item: Translate with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
O9 - Extra button: iGraal - {0FB6492F-7FED-4446-9863-992806E1C419} - C:\Program Files\iGraal\iGraalButton.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)
O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\WINDOWS\system32\shdocvw.dll
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://support.norton.com/sp/en/us/home/current/info
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - http://fichiers.touslesdrivers.com/hardwaredetection/hardwaredetection_3_1_2_0.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-09.sun.com/s/ESD7/JSCDL/jdk/6u13-b03/jinstall-6u13-windows-i586-jc.cab?e=1239364121830&h=52e34d969734d0c55ae5246769672e4d/&filename=jinstall-6u13-windows-i586-jc.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel® Quick Resume Technology Drivers (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
O23 - Service: Service Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe (file missing)
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

Afficher la suite

A voir également:

Problème de Registre, Virus ?
Editeur de registre - Guide
Virus mcafee - Accueil - Piratage
Virus facebook demande d'amis - Accueil - Facebook
Undisclosed-recipients virus - Guide
Panda anti virus gratuit - Télécharger - Antivirus & Antimalwares

76 réponses

Réponse 21 / 76

babette270466 Messages postés 92 Statut Membre

re,
Idem, sauf pas d'écran bleu, mais un redémarrage arrivé au même fichier, et rapport d'erreur à l'ouverture avec récupération d'une erreur sérieuse etc...et envoie sur la page d'internet que je t' ai envoyée par lien et toujours :
"Impossible de charger ou d'exécuter
'C:\DOCUME~1\HP_ADM~1.NOM\LOCALS~1\TEMP\crss.exe' spécifié dans le Registre. vérifiez que le fichier existe sur votre ordinateur ou supprimez la référence dans le Registre" à l'ouverture :(

Réponse 22 / 76

Utilisateur anonyme

crss.exe ou csrss.exe ?

Télécharge ici :OTL

▶ enregistre le sur ton Bureau.

si tu as XP => double clique
si tu as Vista ou windows 7 => clic droit "executer en tant que...."

sur OTL.exe pour le lancer.

▶ Coche les 2 cases Lop et Purity

▶ Coche la case devant tous les utilisateurs

▶ règle age du fichier sur "60 jours"

▶ dans les 6 onglets de la moitié gauche , mets tout sur "tous"

ne modifie pas ceci :

"fichiers créés" et "fichiers Modifiés"

▶Clic sur Analyse.

A la fin du scan, le Bloc-Notes va s'ouvrir avec le rapport (OTL.txt).

Ce fichier est sur ton Bureau (en général C:\Documents and settings\le_nom_de_ta_session\OTL.txt)

▶▶▶ NE LE POSTE PAS SUR LE FORUM (il est trop long)

Pour me le transmettre clique sur ce lien : http://www.cijoint.fr/

▶ Clique sur Parcourir et cherche le fichier ci-dessus.

▶ Clique sur Ouvrir.

▶ Clique sur "Cliquez ici pour déposer le fichier".

juste au niveau du bouton , en fin de chargement du fichier , Un lien de cette forme apparaitra :

http://www.cijoint.fr/cjlink.php?file=cjge368/cijSKAP5fU.txt

▶ Copie ce lien dans ta réponse.

▶▶ Tu feras la meme chose avec le "Extra.txt" qui logiquement sera aussi sur ton bureau.

Réponse 23 / 76

babette270466 Messages postés 92 Statut Membre

salut,
oups csrss.exe, grosse erreur ? dslée ! :<
je fais ce que tu m'as demandée et reviens

Réponse 24 / 76

Utilisateur anonyme

bien :)

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question

Réponse 25 / 76

babette270466 Messages postés 92 Statut Membre

:) voici les liens :

http://www.cijoint.fr/cjlink.php?file=cj201102/cij798cTvl.zip

http://www.cijoint.fr/cjlink.php?file=cj201102/cijXz3hZT8.zip

Réponse 26 / 76

Utilisateur anonyme

bon on va peut etre arriver à debloquer tout ca

ATTENTION !!! : Script personnalisé pour cette machine uniquement , ne pas reproduire !!

si tu as XP => double clique
si tu as Vista ou windows 7 => clic droit "executer en tant que...."

sur OTL.exe pour le lancer.

▶Copie la liste qui se trouve en gras ci-dessous,

▶ colle-la dans la zone sous "Personnalisation" :

:processes
explorer.exe
iexplore.exe
firefox.exe
msnmsgr.exe
Teatimer.exe
conhost.exe
dwm.exe

:Services
LiveUpdate Notice Service

:OTL
IE - HKU\S-1-5-21-683206507-3964089895-690238655-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-683206507-3964089895-690238655-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:60586
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 60586
FF - prefs.js..network.proxy.type: 1
O2 - BHO: (iGraal BHO) - {240373D3-4199-4F41-BB4D-15D5B830C82D} - C:\Program Files\iGraal\iGraalBHO.dll (iGraal)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {94B3130F-AC1D-4208-8541-83C82A238BF3} - No CLSID value found.
O3 - HKU\S-1-5-21-683206507-3964089895-690238655-1007\..\Toolbar\WebBrowser: (free-downloads.net Toolbar) - {ECDEE021-0D17-467F-A1FF-C7A115230949} - C:\Program Files\free-downloads.net\tbfre2.dll (Conduit Ltd.)
O4 - HKLM\..\Run: [conhost] C:\Documents and Settings\HP_Administrateur.NOM-FB9B15D2723\Application Data\Microsoft\conhost.exe ()
O4 - HKLM\..\Run: [] File not found
F3 - HKU\S-1-5-21-683206507-3964089895-690238655-1007 WinNT: Load - (C:\DOCUME~1\HP_ADM~1.NOM\LOCALS~1\Temp\csrss.exe) - C:\Documents and Settings\HP_Administrateur.NOM-FB9B15D2723\Local Settings\Temp\csrss.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-683206507-3964089895-690238655-1007\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-683206507-3964089895-690238655-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = [binary data]
O7 - HKU\S-1-5-21-683206507-3964089895-690238655-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSharedDocuments = [binary data]
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} http://fichiers.touslesdrivers.com/hardwaredetection/hardwaredetection_3_1_2_0.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: CabBuilder http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab (Reg Error: Key error.)
O20 - HKU\S-1-5-21-683206507-3964089895-690238655-1007 Winlogon: Shell - (C:\Documents and Settings\HP_Administrateur.NOM-FB9B15D2723\Application Data\dwm.exe) - C:\Documents and Settings\HP_Administrateur.NOM-FB9B15D2723\Application Data\dwm.exe ()

:Reg
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=-
"QuickTime Task"=-

:Files
C:\Documents and Settings\HP_Administrateur.NOM-FB9B15D2723\Local Settings\Temp\csrss.exe
C:\Documents and Settings\HP_Administrateur.NOM-FB9B15D2723\Application Data\Microsoft\conhost.exe
C:\Documents and Settings\HP_Administrateur.NOM-FB9B15D2723\Application Data\dwm.exe
C:\Documents and Settings\HP_Administrateur.NOM-FB9B15D2723\Local Settings\Application Data\IncrediMail_MediaBar_2
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA1cab7b54ef31ec0.job
C:\Documents and Settings\HP_Administrateur.NOM-FB9B15D2723\Application Data\EC3A.6D4
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cab7b54eebf7b2.job
C:\WINDOWS\System32\_*_.tmp.dll
C:\Documents and Settings\Laura\Application Data\agi
C:\Documents and Settings\LocalService\Application Data\agi
@Alternate Data Stream - 231 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1

:commands
[emptytemp]
[start explorer]
[reboot]

▶ Clique sur "Correction" pour lancer la suppression.

▶ Poste le rapport qui logiquement s'ouvrira tout seul en fin de travail appres le redemarrage.

Réponse 27 / 76

babette270466 Messages postés 92 Statut Membre

ben non pas cette fois-ci :(
écran bleu encore, message d'erreur , sacré m.... qu'on a chopé, Monument je veux dire bien sur!! ;)

Réponse 28 / 76

Utilisateur anonyme

copie/collle la manip dans un document texte et reessaie en mode sans echec

Réponse 29 / 76

babette270466 Messages postés 92 Statut Membre

J'ai cru que... mais non, pas de page bleu, un redémarrage, un rapport d'erreur, non la punaise est toujours là :(

Réponse 30 / 76

Utilisateur anonyme

je peux lire C:\_OTL\Moved Files\la_date_et_l'heure.txt comme demandé ?

Réponse 31 / 76

babette270466 Messages postés 92 Statut Membre

??? non moi g pas de rapport OTL, juste un moved files vide

Réponse 32 / 76

babette270466 Messages postés 92 Statut Membre

:) bon j'ai visité ton site,comme j'avais un problème de CD, j'ai continué à me renseigner et j'ai lu ViruT, là il parle de Flash_Disinfector.exe que j'ai téléchargé, ça ne pouvait pas faire de mal de l'essayer, je l'ai fait 3 fois coups sur coups, à la troisième il m'a demandé de redémarrer il avait des trucs à virer, et miracle au redémarrage pas de punaise.
pas de victoire trop rapide je vais tenter ton logiciel pour vérifier, si ça ne fonctionne pas je formaterais mon disque tant pis
merci pour ton aide à + :)

Réponse 33 / 76

babette270466 Messages postés 92 Statut Membre

voilà j'ai essayé, elle n'est plus là au démarrage mais elle est toujours dans l'ordi car ça n'a encore pas fonctionné, dommage....

Réponse 34 / 76

babette270466 Messages postés 92 Statut Membre

oups trouvé ! C:\_OTL\MovedFiles\02032011_182329 mais le dossier est vide, je pense que c ce que tu me demandais + haut :<

Réponse 35 / 76

babette270466 Messages postés 92 Statut Membre

bon j'espère que Gen-hackman verra ce post et y répondra ou quelqu'un d'aussi caler que lui : ok j'ai réussi à trouver un Combofix non corrompu enfin qui passe et voici mon rapport, peut-être que la "PUNAISE" commence a avoir quelques failles ou peut-êtrea-t-elle été écrasée ;)

ComboFix 11-01-31.02 - HP_Administrateur 03/02/2011 22:23:30.1.2 - x86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.1022.438 [GMT 1:00]
Lancé depuis: c:\documents and settings\HP_Administrateur.NOM-FB9B15D2723\Bureau\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\HP_Administrateur.NOM-FB9B15D2723\Application Data\dwm.exe
c:\documents and settings\HP_Administrateur.NOM-FB9B15D2723\Application Data\Microsoft\conhost.exe
C:\Thumbs.db
c:\windows\ST6UNST.000
c:\windows\system\kernel32.dll
c:\windows\system32\_000017_.tmp.dll
c:\windows\system32\_000035_.tmp.dll
c:\windows\system32\_000072_.tmp.dll
c:\windows\system32\_000086_.tmp.dll
c:\windows\system32\_000089_.tmp.dll
c:\windows\system32\_000092_.tmp.dll
c:\windows\system32\_000098_.tmp.dll
c:\windows\system32\_000099_.tmp.dll
c:\windows\system32\_000106_.tmp.dll
c:\windows\system32\_000110_.tmp.dll
c:\windows\system32\_000118_.tmp.dll
c:\windows\system32\_007765_.tmp.dll
c:\windows\system32\_007779_.tmp.dll
c:\windows\system32\_007783_.tmp.dll
c:\windows\system32\_007800_.tmp.dll
c:\windows\system32\_007812_.tmp.dll
c:\windows\system32\_007991_.tmp.dll
c:\windows\system32\_007992_.tmp.dll
c:\windows\system32\_007993_.tmp.dll
c:\windows\system32\_007994_.tmp.dll
c:\windows\system32\_008001_.tmp.dll
c:\windows\system32\_008002_.tmp.dll
c:\windows\system32\_008003_.tmp.dll
c:\windows\system32\_008004_.tmp.dll
c:\windows\system32\_008006_.tmp.dll
c:\windows\system32\_008007_.tmp.dll
c:\windows\system32\_008010_.tmp.dll
c:\windows\system32\_008011_.tmp.dll
c:\windows\system32\_008013_.tmp.dll
c:\windows\system32\_008014_.tmp.dll
c:\windows\system32\_008015_.tmp.dll
c:\windows\system32\_008017_.tmp.dll
c:\windows\system32\_008019_.tmp.dll
c:\windows\system32\_008020_.tmp.dll
c:\windows\system32\_008021_.tmp.dll
c:\windows\system32\_008025_.tmp.dll
c:\windows\system32\_008026_.tmp.dll
c:\windows\system32\_008028_.tmp.dll
c:\windows\system32\_008030_.tmp.dll
c:\windows\system32\_008031_.tmp.dll
c:\windows\system32\_008033_.tmp.dll
c:\windows\system32\_008034_.tmp.dll
c:\windows\system32\_008035_.tmp.dll
c:\windows\system32\_008036_.tmp.dll
c:\windows\system32\_008037_.tmp.dll
c:\windows\system32\_008040_.tmp.dll
c:\windows\system32\_008041_.tmp.dll
c:\windows\system32\_008042_.tmp.dll
c:\windows\system32\_008043_.tmp.dll
c:\windows\system32\_008044_.tmp.dll
c:\windows\system32\_008049_.tmp.dll
c:\windows\system32\_008051_.tmp.dll
c:\windows\system32\Ijl11.dll

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MYWEBSEARCHSERVICE

((((((((((((((((((((((((((((( Fichiers créés du 2011-01-03 au 2011-02-03 ))))))))))))))))))))))))))))))))))))
.

2011-02-03 20:36 . 2011-02-03 20:36 -------- d-----w- c:\program files\Microsoft.NET
2011-02-03 20:14 . 2011-02-03 20:14 -------- d-----w- c:\program files\ma-config.com
2011-02-03 20:10 . 2011-02-03 20:10 -------- d-----w- c:\program files\MSN Toolbar
2011-02-03 20:10 . 2011-02-03 20:10 -------- d-----w- c:\program files\Bing Bar Installer
2011-02-03 20:10 . 2011-02-03 20:10 -------- dc----w- c:\documents and settings\All Users\Application Data\HP Photo Creations
2011-02-03 20:10 . 2011-02-03 20:10 -------- d-----w- c:\program files\HP Photo Creations
2011-02-03 17:23 . 2011-02-03 17:23 -------- dc----w- C:\_OTL
2011-02-03 17:12 . 2010-05-07 17:07 30536 ----a-w- c:\windows\system32\TURegOpt.exe
2011-02-03 15:36 . 2011-02-03 15:36 -------- dc----w- c:\documents and settings\HP_Administrateur.NOM-FB9B15D2723\Local Settings\Application Data\Secunia PSI
2011-02-03 15:35 . 2011-02-03 15:35 -------- d-----w- c:\program files\Secunia
2011-02-03 14:38 . 2011-02-03 14:38 -------- dc----w- c:\documents and settings\HP_Administrateur.NOM-FB9B15D2723\DoctorWeb
2011-02-03 14:02 . 2011-02-03 14:03 -------- d-----w- c:\program files\AutoWebCam
2011-02-03 13:46 . 2005-02-26 15:25 91527 ----a-w- c:\windows\system32\drivers\usbVM31b.sys
2011-02-03 13:46 . 2004-04-26 14:48 53248 ----a-w- c:\windows\amcap.exe
2011-02-03 13:46 . 2002-08-22 15:34 147456 ----a-w- c:\windows\VMCap.exe
2011-01-31 18:10 . 2011-01-31 18:10 -------- dc----w- c:\documents and settings\HP_Administrateur.NOM-FB9B15D2723\Local Settings\Application Data\IncrediMail_MediaBar_2
2011-01-31 17:22 . 2011-02-03 19:34 -------- d-----w- c:\program files\List_Kill'em
2011-01-28 10:54 . 2011-01-28 10:54 -------- dc----w- C:\Swsetup
2011-01-27 15:49 . 2011-01-27 15:49 247 -c--a-w- c:\documents and settings\HP_Administrateur.NOM-FB9B15D2723\Application Data\Microsoft\gb_218140.bat
2011-01-22 11:45 . 2011-01-22 11:45 -------- dc----w- c:\documents and settings\All Users\Application Data\HP Product Assistant
2011-01-22 11:21 . 2011-01-22 11:21 -------- dc----w- c:\documents and settings\HP_Administrateur.NOM-FB9B15D2723\Application Data\Visan
2011-01-22 11:21 . 2011-01-22 11:21 -------- dc----w- c:\documents and settings\All Users\Application Data\Visan
2011-01-22 11:02 . 2011-02-03 20:29 -------- dc----w- c:\documents and settings\HP_Administrateur.NOM-FB9B15D2723\Application Data\HpUpdate
2011-01-22 11:01 . 2010-06-14 20:19 1907560 ----a-w- c:\windows\system32\HPScanMiniDrv_DJ1050_J410.dll
2011-01-22 11:01 . 2010-06-14 20:19 264552 ----a-w- c:\windows\system32\hpinksts8911LM.dll
2011-01-22 11:01 . 2010-06-14 20:19 232296 ----a-w- c:\windows\system32\hpinksts8911.dll
2011-01-22 11:01 . 2010-06-14 20:19 213352 ----a-w- c:\windows\system32\hpinkcoi8911.dll
2011-01-09 18:10 . 2011-01-16 09:47 -------- dc----w- C:\Temp

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-02 03:35 . 2010-12-02 03:35 4280320 ----a-w- c:\windows\system32\GPhotos.scr
2010-11-19 19:14 . 2010-11-19 19:14 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2010-11-18 18:12 . 2004-08-10 11:00 86016 ----a-w- c:\windows\system32\isign32.dll
2010-11-09 14:52 . 2004-08-10 11:00 249856 ----a-w- c:\windows\system32\odbc32.dll
2010-11-06 00:21 . 2004-08-10 11:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:21 . 2004-08-10 11:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-06 00:21 . 2004-08-10 11:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
.

------- Sigcheck -------

[-] 2009-04-10 . A29E1209F925A0E9B330E11DA5FC7BAB . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\TCPIP.SYS
[-] 2009-04-10 . A29E1209F925A0E9B330E11DA5FC7BAB . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\TCPIP.SYS
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[7] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\TCPIP.SYS
[-] 2005-03-14 . 6129E70F3D2F1E60860C930EBEAF92C2 . 359936 . . [5.1.2600.2631] . . c:\windows\$hf_mig$\KB893066\SP2QFE\tcpip.sys
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ecdee021-0d17-467f-a1ff-c7a115230949}"= "c:\program files\free-downloads.net\tbfre2.dll" [2010-10-18 3908192]

[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{240373D3-4199-4F41-BB4D-15D5B830C82D}]
2011-01-05 10:36 592144 ----a-w- c:\program files\iGraal\iGraalBHO.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-10-18 10:26 3908192 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ecdee021-0d17-467f-a1ff-c7a115230949}]
2010-10-18 10:26 3908192 ----a-w- c:\program files\free-downloads.net\tbfre2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ecdee021-0d17-467f-a1ff-c7a115230949}"= "c:\program files\free-downloads.net\tbfre2.dll" [2010-10-18 3908192]

[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{ECDEE021-0D17-467F-A1FF-C7A115230949}"= "c:\program files\free-downloads.net\tbfre2.dll" [2010-10-18 3908192]

[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-04 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ftutil2"="ftutil2.dll" [2004-06-07 106496]
"RTHDCPL"="RTHDCPL.EXE" [2006-03-08 16010240]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-22 237568]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-08-28 8466432]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-08 421888]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
"Bing Bar"="c:\program files\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe" [2010-04-27 243544]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-11-11 288088]
"nwiz"="nwiz.exe" [2007-08-28 1626112]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsNetHood"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^TrayMin210.exe.lnk]
backup=c:\windows\pss\TrayMin210.exe.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-20 21:07 932288 ----a-r- c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-23 02:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccleaner]
2009-09-02 19:09 1682744 ----a-w- c:\program files\CCleaner\CCleaner.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Quick Search Box]
2010-10-25 07:19 126976 ----a-w- c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-11-10 23:40 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-09-08 09:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-06-04 14:23 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"BigDogPath"=c:\windows\VM_STI.EXE Philips SPC210NC Webcam
"conhost"=c:\documents and settings\HP_Administrateur.NOM-FB9B15D2723\Application Data\Microsoft\conhost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImApp.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\Sony Ericsson\\Sony Ericsson Media Manager\\MediaManager.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Sony Ericsson\\Update Service\\Update Service.exe"=
"c:\\Program Files\\Metin2_France\\metin2client.bin"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7561:TCP"= 7561:TCP:emuleTCP
"7571:UDP"= 7571:UDP:EmuleUDP
"6112:TCP"= 6112:TCP:warcraft 3
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [11/09/2009 10:48 108289]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 13:16 130384]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [07/05/2010 18:05 1051976]
R3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [02/01/2006 16:47 2825088]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [24/02/2010 14:41 10064]
S2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [13/09/2009 18:38 133104]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [09/07/2009 22:41 13224]
S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [24/01/2011 14:49 310640]
S3 MobileAdapter;Huawei Mobile Adapter USB Modem and USB Serial;c:\windows\system32\drivers\hmvmdm.sys [25/01/2009 18:09 101120]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [07/07/2010 15:05 14904]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [20/02/2009 16:18 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\drivers\s0016mdfl.sys [20/02/2009 16:18 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\drivers\s0016mdm.sys [20/02/2009 16:18 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0016mgmt.sys [20/02/2009 16:18 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\drivers\s0016nd5.sys [20/02/2009 16:18 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\drivers\s0016obex.sys [20/02/2009 16:18 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\drivers\s0016unic.sys [20/02/2009 16:18 115752]
S3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\drivers\s0017bus.sys [20/02/2009 16:18 86824]
S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\drivers\s0017mdfl.sys [20/02/2009 16:18 15016]
S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\drivers\s0017mdm.sys [20/02/2009 16:18 114600]
S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0017mgmt.sys [20/02/2009 16:18 108328]
S3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\drivers\s0017nd5.sys [20/02/2009 16:18 26024]
S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\drivers\s0017obex.sys [20/02/2009 16:18 104616]
S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\drivers\s0017unic.sys [20/02/2009 16:18 109736]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 13:16 753504]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [15/09/2009 10:39 697328]
.
Contenu du dossier 'Tâches planifiées'

2010-12-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 09:50]

2011-02-03 c:\windows\Tasks\At1.job
- c:\program files\HP\HP Deskjet 1050 J410 series\Bin\HPCustPartic.exe [2010-06-14 15:07]

2011-02-03 c:\windows\Tasks\At2.job
- c:\program files\HP\HP Deskjet 1050 J410 series\Bin\HPCustPartic.exe [2010-06-14 15:07]

2011-02-03 c:\windows\Tasks\At3.job
- c:\program files\HP\HP Deskjet 1050 J410 series\Bin\HPCustPartic.exe [2010-06-14 15:07]

2011-02-03 c:\windows\Tasks\At4.job
- c:\program files\HP\HP Deskjet 1050 J410 series\Bin\HPCustPartic.exe [2010-06-14 15:07]

2011-02-03 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2009-04-06 08:32]

2011-02-03 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-09-20 17:38]

2011-02-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cab7b54eebf7b2.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-13 17:38]

2011-02-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA1cab7b54ef31ec0.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-13 17:38]

2011-02-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-683206507-3964089895-690238655-1010Core.job
- c:\documents and settings\Laura\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-10-03 16:06]

2011-02-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-683206507-3964089895-690238655-1010UA.job
- c:\documents and settings\Laura\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-10-03 16:06]

2011-02-03 c:\windows\Tasks\User_Feed_Synchronization-{6817D9B2-9C53-40D0-B55B-5094BB196BEB}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=63&bd=PAVILION&pf=desktop
mStart Page = hxxp://www.trooner.com/
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=63&bd=PAVILION&pf=desktop
uInternet Settings,ProxyServer = http=127.0.0.1:60586
IE: Add to AMV Video Converter... - c:\program files\MP3 Player Utilities 4.24\AMVConverter\grab.html
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: Translate this web page with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
IE: Translate with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
IE: {{0FB6492F-7FED-4446-9863-992806E1C419} - {0FB6492F-7FED-4446-9863-992806E1C419} - c:\program files\iGraal\iGraalButton.dll
DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
FF - ProfilePath - c:\documents and settings\HP_Administrateur.NOM-FB9B15D2723\Application Data\Mozilla\Firefox\Profiles\r64ekl8v.default\
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 60586
FF - prefs.js: network.proxy.type - 1
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 200000
FF - user.js: content.notify.interval - 100000
FF - user.js: content.switch.threshold - 650000
FF - user.js: nglayout.initialpaint.delay - 300
.
- - - - ORPHELINS SUPPRIMES - - - -

Toolbar-{94B3130F-AC1D-4208-8541-83C82A238BF3} - (no file)
WebBrowser-{94B3130F-AC1D-4208-8541-83C82A238BF3} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-conhost - c:\documents and settings\HP_Administrateur.NOM-FB9B15D2723\Application Data\Microsoft\conhost.exe
MSConfigStartUp-AppleSyncNotifier - c:\program files\Fichiers communs\Apple\Mobile Device Support\AppleSyncNotifier.exe
MSConfigStartUp-CanonMyPrinter - c:\program files\Canon\MyPrinter\BJMyPrt.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-03 22:32
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@DACL=(02 0010)
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@DACL=(02 0010)
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@DACL=(02 0010)
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'explorer.exe'(3916)
c:\windows\system32\nview.dll
c:\windows\system32\NVWRSFR.DLL
c:\progra~1\WINDOW~1\wmpband.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\nvwddi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Fichiers communs\LightScribe\LSSrvc.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Fichiers communs\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
c:\program files\Fichiers communs\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\rundll32.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Heure de fin: 2011-02-03 22:36:51 - La machine a redémarré
ComboFix-quarantined-files.txt 2011-02-03 21:36

Avant-CF: 105 738 010 624 octets libres
Après-CF: 106 312 105 984 octets libres

WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

Current=3 Default=3 Failed=2 LastKnownGood=5 Sets=,1,2,3,4,5
- - End Of File - - B2F45F030456F5275A483A06BE7D996E

Réponse 36 / 76

babette270466 Messages postés 92 Statut Membre

bon je continue mon chemin toute seule, je viens de recommencer la manip + haut avec OTL en mode normal : impec ça marche voici mon rapport :

02032011_233947.log :

All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
Process iexplore.exe killed successfully!
No active process named firefox.exe was found!
No active process named msnmsgr.exe was found!
No active process named Teatimer.exe was found!
No active process named conhost.exe was found!
No active process named dwm.exe was found!
========== SERVICES/DRIVERS ==========
Service LiveUpdate Notice Service stopped successfully!
Service LiveUpdate Notice Service deleted successfully!
========== OTL ==========
HKU\S-1-5-21-683206507-3964089895-690238655-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-21-683206507-3964089895-690238655-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Prefs.js: "127.0.0.1" removed from network.proxy.http
Prefs.js: 60586 removed from network.proxy.http_port
Prefs.js: 1 removed from network.proxy.type
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{240373D3-4199-4F41-BB4D-15D5B830C82D}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{240373D3-4199-4F41-BB4D-15D5B830C82D}\ not found.
File C:\Program Files\iGraal\iGraalBHO.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully.
C:\Program Files\ConduitEngine\ConduitEngine.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{94B3130F-AC1D-4208-8541-83C82A238BF3} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{94B3130F-AC1D-4208-8541-83C82A238BF3}\ not found.
Registry value HKEY_USERS\S-1-5-21-683206507-3964089895-690238655-1007\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{ECDEE021-0D17-467F-A1FF-C7A115230949} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ECDEE021-0D17-467F-A1FF-C7A115230949}\ deleted successfully.
File downloads.net\tbfre2.dll not found.
Registry key HKEY_LOCAL_MACHINE\\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\Documents and Settings\HP_Administrateur.NOM-FB9B15D2723\Application Data\Microsoft\conhost.exe not found.
Registry key HKEY_LOCAL_MACHINE\\Software\Microsoft\Windows\CurrentVersion\Run\ not found.
File C:\Documents and Settings\HP_Administrateur.NOM-FB9B15D2723\Local Settings\Temp\csrss.exe not found.
Registry value HKEY_USERS\S-1-5-21-683206507-3964089895-690238655-1007\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\Load not found.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions\ not found.
Registry key HKEY_USERS\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions\ not found.
Registry key HKEY_USERS\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions\ not found.
Registry key HKEY_USERS\S-1-5-21-683206507-3964089895-690238655-1007\Software\Policies\Microsoft\Internet Explorer\Restrictions\ not found.
Registry value HKEY_USERS\S-1-5-21-683206507-3964089895-690238655-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives deleted successfully.
Registry value HKEY_USERS\S-1-5-21-683206507-3964089895-690238655-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoSharedDocuments deleted successfully.
Starting removal of ActiveX control {867E13F2-7F31-44FB-AC97-CD38E0DC46EF}
C:\WINDOWS\Downloaded Program Files\hardwaredetection.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{867E13F2-7F31-44FB-AC97-CD38E0DC46EF}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{867E13F2-7F31-44FB-AC97-CD38E0DC46EF}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{867E13F2-7F31-44FB-AC97-CD38E0DC46EF}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{867E13F2-7F31-44FB-AC97-CD38E0DC46EF}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Starting removal of ActiveX control CabBuilder
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\CabBuilder\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\CabBuilder\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\CabBuilder\ not found.
Registry value HKEY_USERS\S-1-5-21-683206507-3964089895-690238655-1007\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell not found.
File C:\Documents and Settings\HP_Administrateur.NOM-FB9B15D2723\Application Data\dwm.exe not found.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\RTHDCPL deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\QuickTime Task deleted successfully.
========== FILES ==========
File\Folder C:\Documents and Settings\HP_Administrateur.NOM-FB9B15D2723\Local Settings\Temp\csrss.exe not found.
File\Folder C:\Documents and Settings\HP_Administrateur.NOM-FB9B15D2723\Application Data\Microsoft\conhost.exe not found.
File\Folder C:\Documents and Settings\HP_Administrateur.NOM-FB9B15D2723\Application Data\dwm.exe not found.
C:\Documents and Settings\HP_Administrateur.NOM-FB9B15D2723\Local Settings\Application Data\IncrediMail_MediaBar_2 folder moved successfully.
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA1cab7b54ef31ec0.job moved successfully.
C:\Documents and Settings\HP_Administrateur.NOM-FB9B15D2723\Application Data\EC3A.6D4 moved successfully.
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cab7b54eebf7b2.job moved successfully.
File\Folder C:\WINDOWS\System32\_*_.tmp.dll not found.
C:\Documents and Settings\Laura\Application Data\agi\config folder moved successfully.
C:\Documents and Settings\Laura\Application Data\agi folder moved successfully.
C:\Documents and Settings\LocalService\Application Data\agi\logs folder moved successfully.
C:\Documents and Settings\LocalService\Application Data\agi\config folder moved successfully.
C:\Documents and Settings\LocalService\Application Data\agi folder moved successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1 deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56504 bytes

User: HP_Administrateur.NOM-FB9B15D2723
->Temp folder emptied: 62 bytes
->Temporary Internet Files folder emptied: 8527799 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 3621659 bytes
->Google Chrome cache emptied: 6138516 bytes
->Flash cache emptied: 863 bytes

User: Laura
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 294871 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 54433826 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 59098 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 22016 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 70,00 mb

OTL by OldTimer - Version 3.2.20.6 log created on 02032011_233947

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

je ne sais pas si j'ai terminer de désinfecter ou si il reste à faire dans tous les cas merci, et précisez-moi si résolu ou pas

Réponse 37 / 76

Utilisateur anonyme

hello préssée ?? dommage , j'avais demandé de renommer Combofix :) ^^

__________________________________________________
=>/!\Le script qui suit a été écrit spécialement cet ordinateur/!\ <=
=>il est fort déconseillé de le transposer sur un autre ordinateur !<=
----------------------------------------------------------------------------

Toujours avec toutes les protections désactivées, fais ceci :

▶ Ouvre le bloc-notes (Menu démarrer --> programmes --> accessoires --> bloc-notes)
▶ Copie/colle dans le bloc-notes ce qui entre les lignes ci dessous (sans les lignes) :

----------------------------------------------------------
KillAll::

File:
c:\documents and settings\HP_Administrateur.NOM-FB9B15D2723\Application Data\Microsoft\gb_218140.bat
c:\windows\system32\ConduitEngine.tmp

AtJob::

MBR::

------------------------------------------------------------------

▶ Enregistre ce fichier sur ton Bureau (et pas ailleurs !) sous le nom CFScript.txt
▶ Quitte le Bloc Notes

▶ Fais un glisser/déposer de ce fichier CFScript sur le fichier combofix

▶ Patiente le temps du scan. Le Bureau va disparaître à plusieurs reprises : c'est normal ! Ne touche à rien tant que le scan n'est pas terminé.
▶ Une fois le scan achevé, un rapport va s'afficher: poste son contenu.
▶ Si le fichier ne s'ouvre pas, il se trouve ici => C:\ComboFix.txt

Réponse 38 / 76

babette270466 Messages postés 92 Statut Membre

bonsoir gen-hackman,
pas pressée moi ;), mais vu le temps que tu as passé à essayer de m'aider....

oups combo s'appelle désormais "désactivé", j'étais trop contente d'avoir réussi à faire quelque chose que je me suis précipitée :<

voici mon rapport :

ComboFix 11-01-31.02 - HP_Administrateur 04/02/2011 21:33:41.2.2 - x86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.1022.624 [GMT 1:00]
Lancé depuis: c:\documents and settings\HP_Administrateur.NOM-FB9B15D2723\Bureau\désactivé.exe
Commutateurs utilisés :: c:\documents and settings\HP_Administrateur.NOM-FB9B15D2723\Bureau\CFScript.txt
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((((((( Fichiers créés du 2011-01-04 au 2011-02-04 ))))))))))))))))))))))))))))))))))))
.

2011-02-03 22:16 . 2011-02-03 22:41 -------- d-----w- c:\windows\SxsCaPendDel
2011-02-03 20:36 . 2011-02-03 20:36 -------- d-----w- c:\program files\Microsoft.NET
2011-02-03 17:23 . 2011-02-03 17:23 -------- dc----w- C:\_OTL
2011-02-03 17:12 . 2010-05-07 17:07 30536 ----a-w- c:\windows\system32\TURegOpt.exe
2011-02-03 15:36 . 2011-02-03 15:36 -------- dc----w- c:\documents and settings\HP_Administrateur.NOM-FB9B15D2723\Local Settings\Application Data\Secunia PSI
2011-02-03 15:35 . 2011-02-03 15:35 -------- d-----w- c:\program files\Secunia
2011-02-03 14:38 . 2011-02-03 14:38 -------- dc----w- c:\documents and settings\HP_Administrateur.NOM-FB9B15D2723\DoctorWeb
2011-02-03 14:02 . 2011-02-03 14:03 -------- d-----w- c:\program files\AutoWebCam
2011-02-03 13:46 . 2005-02-26 15:25 91527 ----a-w- c:\windows\system32\drivers\usbVM31b.sys
2011-02-03 13:46 . 2004-04-26 14:48 53248 ----a-w- c:\windows\amcap.exe
2011-02-03 13:46 . 2002-08-22 15:34 147456 ----a-w- c:\windows\VMCap.exe
2011-01-31 17:22 . 2011-02-03 22:10 -------- d-----w- c:\program files\List_Kill'em
2011-01-28 10:54 . 2011-01-28 10:54 -------- dc----w- C:\Swsetup
2011-01-27 15:49 . 2011-01-27 15:49 247 -c--a-w- c:\documents and settings\HP_Administrateur.NOM-FB9B15D2723\Application Data\Microsoft\gb_218140.bat
2011-01-22 11:45 . 2011-01-22 11:45 -------- dc----w- c:\documents and settings\All Users\Application Data\HP Product Assistant
2011-01-22 11:21 . 2011-01-22 11:21 -------- dc----w- c:\documents and settings\HP_Administrateur.NOM-FB9B15D2723\Application Data\Visan
2011-01-22 11:21 . 2011-01-22 11:21 -------- dc----w- c:\documents and settings\All Users\Application Data\Visan
2011-01-22 11:02 . 2011-02-03 20:29 -------- dc----w- c:\documents and settings\HP_Administrateur.NOM-FB9B15D2723\Application Data\HpUpdate
2011-01-09 18:10 . 2011-01-16 09:47 -------- dc----w- C:\Temp

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-02 03:35 . 2010-12-02 03:35 4280320 ----a-w- c:\windows\system32\GPhotos.scr
2010-11-18 18:12 . 2004-08-10 11:00 86016 ----a-w- c:\windows\system32\isign32.dll
2010-11-09 14:52 . 2004-08-10 11:00 249856 ----a-w- c:\windows\system32\odbc32.dll
.

------- Sigcheck -------

[-] 2009-04-10 . A29E1209F925A0E9B330E11DA5FC7BAB . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\TCPIP.SYS
[-] 2009-04-10 . A29E1209F925A0E9B330E11DA5FC7BAB . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\TCPIP.SYS
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[7] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\TCPIP.SYS
[-] 2005-03-14 . 6129E70F3D2F1E60860C930EBEAF92C2 . 359936 . . [5.1.2600.2631] . . c:\windows\$hf_mig$\KB893066\SP2QFE\tcpip.sys
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-04 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ftutil2"="ftutil2.dll" [2004-06-07 106496]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-22 237568]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-08-28 8466432]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsNetHood"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^TrayMin210.exe.lnk]
backup=c:\windows\pss\TrayMin210.exe.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-20 21:07 932288 ----a-r- c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-23 02:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccleaner]
2009-09-02 19:09 1682744 ----a-w- c:\program files\CCleaner\CCleaner.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Quick Search Box]
2010-10-25 07:19 126976 ----a-w- c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-11-10 23:40 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-09-08 09:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-06-04 14:23 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"nwiz"=nwiz.exe /installquiet /keeploaded /nodetect

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImApp.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\Sony Ericsson\\Sony Ericsson Media Manager\\MediaManager.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Sony Ericsson\\Update Service\\Update Service.exe"=
"c:\\Program Files\\Metin2_France\\metin2client.bin"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7561:TCP"= 7561:TCP:emuleTCP
"7571:UDP"= 7571:UDP:EmuleUDP
"6112:TCP"= 6112:TCP:warcraft 3
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [11/09/2009 10:48 108289]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 13:16 130384]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [07/05/2010 18:05 1051976]
R3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [02/01/2006 16:47 2825088]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [24/02/2010 14:41 10064]
S2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [13/09/2009 18:38 133104]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [09/07/2009 22:41 13224]
S3 MobileAdapter;Huawei Mobile Adapter USB Modem and USB Serial;c:\windows\system32\drivers\hmvmdm.sys [25/01/2009 18:09 101120]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [07/07/2010 15:05 14904]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [20/02/2009 16:18 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\drivers\s0016mdfl.sys [20/02/2009 16:18 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\drivers\s0016mdm.sys [20/02/2009 16:18 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0016mgmt.sys [20/02/2009 16:18 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\drivers\s0016nd5.sys [20/02/2009 16:18 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\drivers\s0016obex.sys [20/02/2009 16:18 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\drivers\s0016unic.sys [20/02/2009 16:18 115752]
S3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\drivers\s0017bus.sys [20/02/2009 16:18 86824]
S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\drivers\s0017mdfl.sys [20/02/2009 16:18 15016]
S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\drivers\s0017mdm.sys [20/02/2009 16:18 114600]
S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0017mgmt.sys [20/02/2009 16:18 108328]
S3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\drivers\s0017nd5.sys [20/02/2009 16:18 26024]
S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\drivers\s0017obex.sys [20/02/2009 16:18 104616]
S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\drivers\s0017unic.sys [20/02/2009 16:18 109736]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 13:16 753504]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [15/09/2009 10:39 697328]
.
Contenu du dossier 'Tâches planifiées'

2011-02-04 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2009-04-06 08:32]

2011-02-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-683206507-3964089895-690238655-1010Core.job
- c:\documents and settings\Laura\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-10-03 16:06]

2011-02-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-683206507-3964089895-690238655-1010UA.job
- c:\documents and settings\Laura\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-10-03 16:06]

2011-02-04 c:\windows\Tasks\User_Feed_Synchronization-{6817D9B2-9C53-40D0-B55B-5094BB196BEB}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=63&bd=PAVILION&pf=desktop
mStart Page = hxxp://www.trooner.com/
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=63&bd=PAVILION&pf=desktop
IE: Add to AMV Video Converter... - c:\program files\MP3 Player Utilities 4.24\AMVConverter\grab.html
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: Translate this web page with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
IE: Translate with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
FF - ProfilePath - c:\documents and settings\HP_Administrateur.NOM-FB9B15D2723\Application Data\Mozilla\Firefox\Profiles\r64ekl8v.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1098640&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - free-downloads.net Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT1098640&SearchSource=13
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox 3.1 Beta 3\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.notify.interval - 600000
FF - user.js: content.switch.threshold - 600000
FF - user.js: nglayout.initialpaint.delay - 600
.
- - - - ORPHELINS SUPPRIMES - - - -

URLSearchHooks-{ecdee021-0d17-467f-a1ff-c7a115230949} - (no file)
Toolbar-{ecdee021-0d17-467f-a1ff-c7a115230949} - (no file)

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-04 21:41
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@DACL=(02 0010)
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@DACL=(02 0010)
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@DACL=(02 0010)
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'explorer.exe'(3580)
c:\progra~1\WINDOW~1\wmpband.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Fichiers communs\LightScribe\LSSrvc.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Fichiers communs\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
c:\program files\Fichiers communs\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Heure de fin: 2011-02-04 21:46:00 - La machine a redémarré
ComboFix-quarantined-files.txt 2011-02-04 20:45
ComboFix2.txt 2011-02-03 21:36

Avant-CF: 105 966 321 664 octets libres
Après-CF: 105 979 273 216 octets libres

WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

Current=3 Default=3 Failed=2 LastKnownGood=5 Sets=,1,2,3,4,5
- - End Of File - - 0ECC90D082B24291490620248F141323

merci

Réponse 39 / 76

Utilisateur anonyme

__________________________________________________
=>/!\Le script qui suit a été écrit spécialement cet ordinateur/!\ <=
=>il est fort déconseillé de le transposer sur un autre ordinateur !<=
----------------------------------------------------------------------------

Toujours avec toutes les protections désactivées, fais ceci :

▶ Ouvre le bloc-notes (Menu démarrer --> programmes --> accessoires --> bloc-notes)
▶ Copie/colle dans le bloc-notes ce qui entre les lignes ci dessous (sans les lignes) :

----------------------------------------------------------
KillAll::

File::
c:\documents and settings\HP_Administrateur.NOM-FB9B15D2723\Application Data\Microsoft\gb_218140.bat

Firefox::
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1098640&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - free-downloads.net Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT1098640&SearchSource=13

Registry::
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"=-

MBR::

------------------------------------------------------------------

▶ Enregistre ce fichier sur ton Bureau (et pas ailleurs !) sous le nom CFScript.txt
▶ Quitte le Bloc Notes

▶ Fais un glisser/déposer de ce fichier CFScript sur le fichier combofix

▶ Patiente le temps du scan. Le Bureau va disparaître à plusieurs reprises : c'est normal ! Ne touche à rien tant que le scan n'est pas terminé.
▶ Une fois le scan achevé, un rapport va s'afficher: poste son contenu.
▶ Si le fichier ne s'ouvre pas, il se trouve ici => C:\ComboFix.txt

Réponse 40 / 76

babette270466 Messages postés 92 Statut Membre

Hello,

voici le nouveau rapport ComboFix :)

ComboFix 11-01-31.02 - HP_Administrateur 05/02/2011 18:23:49.3.2 - x86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.1022.626 [GMT 1:00]
Lancé depuis: c:\documents and settings\HP_Administrateur.NOM-FB9B15D2723\Bureau\désactivé.exe
Commutateurs utilisés :: c:\documents and settings\HP_Administrateur.NOM-FB9B15D2723\Bureau\CFScript.txt.txt
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}

FILE ::
"c:\documents and settings\HP_Administrateur.NOM-FB9B15D2723\Application Data\Microsoft\gb_218140.bat"
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\HP_Administrateur.NOM-FB9B15D2723\Application Data\Microsoft\gb_218140.bat

.
((((((((((((((((((((((((((((( Fichiers créés du 2011-01-05 au 2011-02-05 ))))))))))))))))))))))))))))))))))))
.

2011-02-04 21:43 . 2010-01-10 18:40 118784 ----a-w- c:\windows\system32\MSSTDFMT.DLL
2011-02-04 21:37 . 2011-02-04 21:37 -------- d-----w- c:\program files\WOT
2011-02-04 21:11 . 2011-02-04 21:11 -------- dc----w- C:\Kill'em
2011-02-03 22:16 . 2011-02-03 22:41 -------- d-----w- c:\windows\SxsCaPendDel
2011-02-03 20:36 . 2011-02-03 20:36 -------- d-----w- c:\program files\Microsoft.NET
2011-02-03 17:23 . 2011-02-03 17:23 -------- dc----w- C:\_OTL
2011-02-03 17:12 . 2010-05-07 17:07 30536 ----a-w- c:\windows\system32\TURegOpt.exe
2011-02-03 15:36 . 2011-02-03 15:36 -------- dc----w- c:\documents and settings\HP_Administrateur.NOM-FB9B15D2723\Local Settings\Application Data\Secunia PSI
2011-02-03 15:35 . 2011-02-03 15:35 -------- d-----w- c:\program files\Secunia
2011-02-03 14:38 . 2011-02-03 14:38 -------- dc----w- c:\documents and settings\HP_Administrateur.NOM-FB9B15D2723\DoctorWeb
2011-02-03 14:02 . 2011-02-03 14:03 -------- d-----w- c:\program files\AutoWebCam
2011-02-03 13:46 . 2005-02-26 15:25 91527 ----a-w- c:\windows\system32\drivers\usbVM31b.sys
2011-02-03 13:46 . 2004-04-26 14:48 53248 ----a-w- c:\windows\amcap.exe
2011-02-03 13:46 . 2002-08-22 15:34 147456 ----a-w- c:\windows\VMCap.exe
2011-01-31 17:22 . 2011-02-04 22:14 -------- d-----w- c:\program files\List_Kill'em
2011-01-28 10:54 . 2011-01-28 10:54 -------- dc----w- C:\Swsetup
2011-01-22 11:45 . 2011-01-22 11:45 -------- dc----w- c:\documents and settings\All Users\Application Data\HP Product Assistant
2011-01-22 11:21 . 2011-01-22 11:21 -------- dc----w- c:\documents and settings\HP_Administrateur.NOM-FB9B15D2723\Application Data\Visan
2011-01-22 11:21 . 2011-01-22 11:21 -------- dc----w- c:\documents and settings\All Users\Application Data\Visan
2011-01-22 11:02 . 2011-02-03 20:29 -------- dc----w- c:\documents and settings\HP_Administrateur.NOM-FB9B15D2723\Application Data\HpUpdate
2011-01-09 18:10 . 2011-01-16 09:47 -------- dc----w- C:\Temp

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-02 03:35 . 2010-12-02 03:35 4280320 ----a-w- c:\windows\system32\GPhotos.scr
2010-11-18 18:12 . 2004-08-10 11:00 86016 ----a-w- c:\windows\system32\isign32.dll
2010-11-09 14:52 . 2004-08-10 11:00 249856 ----a-w- c:\windows\system32\odbc32.dll
.

------- Sigcheck -------

[-] 2009-04-10 . A29E1209F925A0E9B330E11DA5FC7BAB . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\TCPIP.SYS
[-] 2009-04-10 . A29E1209F925A0E9B330E11DA5FC7BAB . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\TCPIP.SYS
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[7] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\TCPIP.SYS
[-] 2005-03-14 . 6129E70F3D2F1E60860C930EBEAF92C2 . 359936 . . [5.1.2600.2631] . . c:\windows\$hf_mig$\KB893066\SP2QFE\tcpip.sys
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-04 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ftutil2"="ftutil2.dll" [2004-06-07 106496]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-22 237568]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-08-28 8466432]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsNetHood"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^TrayMin210.exe.lnk]
backup=c:\windows\pss\TrayMin210.exe.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-20 21:07 932288 ----a-r- c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-23 02:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccleaner]
2009-09-02 19:09 1682744 ----a-w- c:\program files\CCleaner\CCleaner.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Quick Search Box]
2010-10-25 07:19 126976 ----a-w- c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-11-10 23:40 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2010-04-29 14:39 437584 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware (registration)]
2010-04-29 14:39 85328 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamext.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-09-08 09:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-06-04 14:23 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"nwiz"=nwiz.exe /installquiet /keeploaded /nodetect

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImApp.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\Sony Ericsson\\Sony Ericsson Media Manager\\MediaManager.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Sony Ericsson\\Update Service\\Update Service.exe"=
"c:\\Program Files\\Metin2_France\\metin2client.bin"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7561:TCP"= 7561:TCP:emuleTCP
"7571:UDP"= 7571:UDP:EmuleUDP
"6112:TCP"= 6112:TCP:warcraft 3

R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [11/09/2009 10:48 108289]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 13:16 130384]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [07/05/2010 18:05 1051976]
R3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [02/01/2006 16:47 2825088]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [24/02/2010 14:41 10064]
S2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [13/09/2009 18:38 133104]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [09/07/2009 22:41 13224]
S3 MobileAdapter;Huawei Mobile Adapter USB Modem and USB Serial;c:\windows\system32\drivers\hmvmdm.sys [25/01/2009 18:09 101120]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [07/07/2010 15:05 14904]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [20/02/2009 16:18 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\drivers\s0016mdfl.sys [20/02/2009 16:18 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\drivers\s0016mdm.sys [20/02/2009 16:18 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0016mgmt.sys [20/02/2009 16:18 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\drivers\s0016nd5.sys [20/02/2009 16:18 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\drivers\s0016obex.sys [20/02/2009 16:18 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\drivers\s0016unic.sys [20/02/2009 16:18 115752]
S3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\drivers\s0017bus.sys [20/02/2009 16:18 86824]
S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\drivers\s0017mdfl.sys [20/02/2009 16:18 15016]
S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\drivers\s0017mdm.sys [20/02/2009 16:18 114600]
S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0017mgmt.sys [20/02/2009 16:18 108328]
S3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\drivers\s0017nd5.sys [20/02/2009 16:18 26024]
S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\drivers\s0017obex.sys [20/02/2009 16:18 104616]
S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\drivers\s0017unic.sys [20/02/2009 16:18 109736]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 13:16 753504]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [15/09/2009 10:39 697328]
.
Contenu du dossier 'Tâches planifiées'

2011-02-05 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2009-04-06 08:32]

2011-02-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-683206507-3964089895-690238655-1010Core.job
- c:\documents and settings\Laura\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-10-03 16:06]

2011-02-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-683206507-3964089895-690238655-1010UA.job
- c:\documents and settings\Laura\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-10-03 16:06]

2011-02-05 c:\windows\Tasks\User_Feed_Synchronization-{6817D9B2-9C53-40D0-B55B-5094BB196BEB}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=63&bd=PAVILION&pf=desktop
mStart Page = hxxp://www.trooner.com/
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=63&bd=PAVILION&pf=desktop
IE: Add to AMV Video Converter... - c:\program files\MP3 Player Utilities 4.24\AMVConverter\grab.html
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: Translate this web page with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
IE: Translate with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
FF - ProfilePath - c:\documents and settings\HP_Administrateur.NOM-FB9B15D2723\Application Data\Mozilla\Firefox\Profiles\r64ekl8v.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1098640&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - free-downloads.net Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT1098640&SearchSource=13
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox 3.1 Beta 3\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.notify.interval - 600000
FF - user.js: content.switch.threshold - 600000
FF - user.js: nglayout.initialpaint.delay - 600
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-05 18:44
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@DACL=(02 0010)
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@DACL=(02 0010)
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@DACL=(02 0010)
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'explorer.exe'(432)
c:\progra~1\WINDOW~1\wmpband.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Fichiers communs\LightScribe\LSSrvc.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Fichiers communs\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
c:\program files\Fichiers communs\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Heure de fin: 2011-02-05 18:48:56 - La machine a redémarré
ComboFix-quarantined-files.txt 2011-02-05 17:48
ComboFix2.txt 2011-02-04 20:46
ComboFix3.txt 2011-02-03 21:36

Avant-CF: 105 874 448 384 octets libres
Après-CF: 105 836 306 432 octets libres

Current=3 Default=3 Failed=2 LastKnownGood=5 Sets=,1,2,3,4,5
- - End Of File - - 437C044123860D8D81A2D56298940D39

Discussions similaires

Softonic,est-ce un virus ?

Désinstaller Softonic

Message Apple virus !!

virus Artemis!

Problème de Registre, Virus ?

76 réponses

Votre réponse

Discussions similaires

Newsletters